On 12/27/21 3:04 AM, Ulrich Windl wrote:
I found out the hard way: When all grace logins were consumed after the user should have changed the password, the user can no longer log in (and he/she cannot change the password either).
Future people reading this list may benefit from knowing that this is spelled out in the "Password Policy for LDAP Directories" reference in the man page: https://tools.ietf.org/id/draft-behera-ldap-password-policy-10.html. See section 4.2.1.
You are welcome, future people. Chris Paul | Rex Consulting | https://www.rexconsulting.net
